International Workshop on Obfuscation: Science, Technology, and Theory • April 7-8, 2017 • New York University

OBFUSCATION WORKSHOP REPORT

Circumvention Through Obfuscation

Amir Houmansadr, University of Massachusetts Amherst

The Problem of Internet Censorship

The Internet plays a crucial role in today’s social and political movements by facilitating the free circulation of speech, information, and ideas; democracy and human rights throughout the world critically depend on preserving and bolstering the Internet’s openness. Recent events in Tunisia, Egypt, Turkey, and the rest of the world give strong indications that oppressive regimes can even be overthrown by the power of people mobilized to fight by organizing, communicating, and raising awareness through use of the Internet. Consequently, repressive regimes, totalitarian governments, and corrupt corporations regulate, monitor, and restrict access to the Internet, which is broadly known as Internet censorship.

Censorship Techniques

The techniques commonly used to enforce censorship include IP address blocking, DNS hijacking, and TCP content filtering to block access to certain destinations or to prevent certain forms of content from being transmitted. To ensure compliance and to detect undercover political/social activists, repressive regimes additionally utilize Deep Packet Inspection (DPI) and other techniques to disable the operation of all censorship circumvention technologies by their citizens. Consequences of non-compliance can be severe, ranging from identification and termination of employment to life-threatening prosecutions under repressive governments.

Common Circumvention Mechanisms

To help the affected users bypass censorship, various groups of researchers and practitioners have designed and deployed a toolset of systems, called circumvention systems or anti-censorship tools. Such systems use various techniques to disable the censorship mechanisms introduced above, i.e., IP address blocking, DNS interference, and DPI-based keyword filtering. We roughly classify existing censorship circumvention tools into the following groups:

Tools that Obfuscate Identity: The most common technique for censorship is to blacklist the IP addresses of the forbidden websites. Therefore, a large number of circumvention systems try to obfuscate the IP addresses (identities) of the websites or services being browsed by the censored users. Such systems include the widely used HTTP proxies, VPN services, and their variants such as the Tor network. Other recent techniques obfuscate traffic by entangling circumvention identities with those of popular Internet services like cloud services and CDNs.

Tools that Obfuscate Content: Modern censorship technologies are able to perform Deep Packet Inspection, i.e., inspect the content of network traffic for forbidden keywords and content. Therefore, most circumvention tools deploy mechanisms to obfuscate the content of (forbidden) communication by the censored user. The most trivial way of obfuscating content is encrypting packet contents using keys shared between the users and the circumvention servers. To defeat omniscient censors who whitelist traffic (instead of blacklisting), a new circumvention proposal encrypts traffic such that it matches the regular expressions of normal traffic (this is known as format-transforming encryption).

Tools that Obfuscate Protocol: Modern censors aim at blocking popular circumvention systems like Tor and VPNs. Such systems employ efficient mechanisms to obfuscate content and identity (IP addresses); however, the censors try to detect them based on the patterns of their network communications. For instance, Tor traffic is comprised of packets with unique sizes that easily identify Tor traffic to the censors. Therefore, modern circumvention tools aim at obfuscating their underlying protocol to evade blocking. In particular, several new mechanisms modify Tor traffic such that its traffic pattern imitates that of a non-forbidden protocol like Skype.
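The format-transforming idea mentioned under content obfuscation can be illustrated with a short added example (not code from the report or from any deployed tool). It assumes a hypothetical whitelist regex and hard-codes one target language, whereas real format-transforming encryption ranks and unranks strings of an arbitrary regular language through its DFA; the sample bytes are constructed and stand in for the output of a real cipher.

```python
import re

# Assumed whitelist: the censor passes only payloads matching this pattern.
FORMAT = re.compile(r"GET /[a-z]+\.html HTTP/1\.1\r\n")
PREFIX, SUFFIX = "GET /", ".html HTTP/1.1\r\n"
ALPHABET = "abcdefghijklmnopqrstuvwxyz"


def whitelist_allows(payload: str) -> bool:
    """Model of a whitelisting DPI rule: pass only exact format matches."""
    return FORMAT.fullmatch(payload) is not None


def to_format(ciphertext: bytes) -> str:
    """Re-encode ciphertext as a string in the whitelisted language."""
    # A leading 0x01 byte keeps leading zero bytes through the integer trip.
    n = int.from_bytes(b"\x01" + ciphertext, "big")
    letters = []
    while n:
        n, digit = divmod(n, len(ALPHABET))
        letters.append(ALPHABET[digit])
    return PREFIX + "".join(reversed(letters)) + SUFFIX


def from_format(wire: str) -> bytes:
    """Invert to_format; reject anything outside the format."""
    if not whitelist_allows(wire):
        raise ValueError("payload is not in the expected format")
    n = 0
    for ch in wire[len(PREFIX):-len(SUFFIX)]:
        n = n * len(ALPHABET) + ALPHABET.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("payload does not decode to a framed ciphertext")
    return raw[1:]


# Constructed sample: stands in for the output of a real cipher.
SAMPLE_CIPHERTEXT = bytes.fromhex("00e3b0c44298fc1c149afbf4c8996fb9")

if __name__ == "__main__":
    wire = to_format(SAMPLE_CIPHERTEXT)
    print(repr(wire))
    # Raw ciphertext fails the whitelist; the transformed payload passes.
    print(whitelist_allows(SAMPLE_CIPHERTEXT.decode("latin-1")), whitelist_allows(wire))
```

The transformed payload is longer than the ciphertext it carries, which is the resistance-versus-efficiency cost the report's summary describes.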

Summary

While there is a wide range of censorship circumvention technologies, they have one thing in common: they all deploy obfuscation one way or another to defeat the censors. The implemented obfuscation trades off resistance to censorship against the quality of service provided by such systems, e.g., too much obfuscation can slow down the Internet browsing experience of the censored users. Therefore, the key challenge to designing circumvention systems is keeping the right balance between censorship resistance efficiency and usability.